General Bytes shuts down its cloud service after a hacker compromised their Bitcoin ATMs

Updated: 20 March 2023

Disclosure

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

Join Our Telegram channel to stay up to date on breaking news coverage

General Bytes, a well-known Bitcoin ATM maker, recently announced that it was forced to shut down its cloud service upon discovering a major security vulnerability. According to the firm, the flaw allowed an unknown hacker to use the terminals to access accounts belonging to other users and breach their hot wallets after gaining sensitive information, such as passwords and private keys.

On March 17-18th, 2023, GENERAL BYTES experienced a security incident.

We released a statement urging customers to take immediate action to protect their personal information.

We urge all our customers to take immediate action to protect their funds and https://t.co/fajc61lcwR… https://t.co/g5FGqvqZQ7

— GENERAL BYTES (@generalbytes) March 18, 2023

What happened?

The Prague-based firm is one of the highly popular ATM manufacturers, and its website says that it has sold more than 15,000 Bitcoin ATMs, which can now be found in more than 149 countries around the world.

The ATM maker published a warning on March 18th, explaining what had happened. According to the post, the hacker managed to remotely upload and run a Java application using the master service interface into its terminals. The goal was clear — accessing sensitive data belonging to other users and stealing user information and, eventually, their funds stored in various hot wallets.

Karel Kyovsky, the founder of the company, stated that this allowed the hacker to access the database, read and decrypt API keys used to access funds in exchanges and hot wallets, send the funds from said hot wallets, download the names and password hashes of users, and turn off their 2FA. The hacker even managed to access terminal event logs, which allowed them to scan for other instances when users used an ATM to scan private keys. Kyovsky noted that some older versions of the company’s ATMs were still logging this data.

Furthermore, the notice revealed that standalone servers belonging to other operators were also breached. Kyovsky noted that multiple security audits were concluded between 2021 and the incident, and none of them managed to identify this vulnerability.

Over $1.54 million in BTC was stolen in addition to other cryptos

So far, the company did not reveal what amount was stolen during the incident, despite already admitting that the hacker was, in fact, able to send the funds from hot wallets. However, it did release details of 41 wallet addresses that were used during the attack. This revealed all the different addresses used for various coins and tokens, including, ADA, AQUA, ANT, BAT, BCH, BTBS, BTC, BTX, BUSD, DAI, BIZZ, DASH, DGB, DOGE, ETC, ETH, EGLD, EURS, FTO, GRS, GQ, HATCH, HT, JOB, LMY, LTC, MKR, and NANO.

This information revealed a number of on-chain transactions into one of the wallets, which resulted in a total balance of 56 BTC. According to current prices, this represents $1.54 million in stolen Bitcoins alone. Another wallet shows several ETH transactions totaling in roughly $36,000 (21.82).

BTC ATM operators were advised to install new, standalone servers. Meanwhile, General Bytes released two patches for CAS (Crypto Application Server), which is used to manage the firm’s ATM’s operations.

Kyovsky advised to “Please keep your CAS behind a firewall and VPN. Terminals should also connect to CAS via VPN- Additionally, consider all your user’s passwords and API keys to exchanges and hot wallets to be compromised. Please invalidate them and generate new keys & passwords.”

Smog (SMOG) - Meme Coin With Rewards

Rating